cws_ns3 i think?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by superwelder, Oct 20, 2004.

  1. superwelder

    superwelder Private E-2

    Hi guys.
    I have a problem i think.Spysweeper keeps finding cws_ns3 and exactly 158
    traces about once a day or so.It says it removes it but wait a while and it says its back cws_ns3 and 158 traces.I'm also running adaware,cws shredder 2.0,antivir 9, and zone alarm.Spysweeper is the full version paid 29.99. I keep
    all programs updated nightly.I dont have any kind of hijacking or redirection.
    computer is running fine.for an old dell optiplex.What i do have is alot of stuff from pogo.com.could sweeper be finding this or some other program?Contacted webroot theye said to update and run in safe mode.did that.
    Didnt help.I've ran sweeper found cws closed out ran cws,adaware & spybot
    theye say my system is clean.Oh yeah all traces seem to be in my registry.
    I've also downloaded hjt.Thank you in advance for any help.
     
    superwelder, Oct 20, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    You should also run HSremove and About:Buster (both listed in the READ ME). Before running them, disconnect physically (unplug cable) from the Internet and make sure ALL browsers are closed. Run About:Buster and HSremove in normal boot mode then boot in safe mode and run About:Buster again. Save the logs from about:buster to a .txt file each time.

    After that come back and post the 2 about:buster logs. And if still having a problem read the guidelines on HJT posting (NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting) and post your log as a .txt file attachment.
     
    chaslang, Oct 21, 2004
    #2
  3. superwelder

    superwelder Private E-2

    sorry i could not get about buster to run. downloaded 3 times all three times it said it had a corrupt file to redownload. here are my 2 hjt logs minus some pogo and im stuff.the first is in safe mode.

    Edit by chaslang: Inline logs changed to an attachment
     

    Attached Files:

    Last edited by a moderator: Oct 23, 2004
    superwelder, Oct 23, 2004
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not need two HJT logs and when posted you MUST post them as attachments.

    Your problem may be the same as another user is having in the following thead:
    http://forums.majorgeeks.com/showthread.php?t=45373

    Try disabling C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
    from loading at startup and do a scan. Read what was posted in the above thread. If you have a registered version of SpwSweeper perhaps you should call them and question them about this detection. I not sure that it is really valid. Although who knows? This Broadjump crap has been suspected of being spy/ad ware for awhile.
     
    chaslang, Oct 23, 2004
    #4
  5. superwelder

    superwelder Private E-2

    thank you for all of your help.i will try your suggestion.already contacted webroot theye told me to boot in safe and rerun said my prob would be solved lol.
     
    superwelder, Oct 23, 2004
    #5
  6. chriscsugaree

    chriscsugaree Private E-2

    I tried this before I stopped CFD.exe for running at startup but it did not work. The scan in safe mod came out clean but all the traces were back after a normal reboot. I hope you have better luck.
     
    chriscsugaree, Oct 23, 2004
    #6
  7. chriscsugaree

    chriscsugaree Private E-2

    p.s. You also might want to try the "a website located here" link in message http://forums.majorgeeks.com/showthread.php?t=38752 and then compare the results of your HijackThis log analysis with the list of startup programs that you can get at Pacman's Portal http://www.sysinfo.org/startuplist.php You can even download this list in a zip so you can use it when you are offline. This friggin list is invaluable.
     
    chriscsugaree, Oct 23, 2004
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Chris, the HJT thread was already given in message # 2 !
     
    chaslang, Oct 24, 2004
    #8
  9. superwelder

    superwelder Private E-2

    I removed cdf exe and so far it seems to have worked thank you all for your help
     
    superwelder, Oct 24, 2004
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Call up your ISP and ask them why they are using this garbage. And why is it running by default rather than only when you need to use it for them to debug a problem.
     
    chaslang, Oct 24, 2004
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds